21 matches found
EUVD-2006-6431
Malware in sbrugna...
EUVD-2006-6432
Malware in sbrugna...
EUVD-2006-6430
Malware in sbrugna...
EUVD-2006-6515
Malware in sbrugna...
Vt-Forum Lite 1.3 vf_newtopic.asp IFRAME Element XSS
No description provided by source. source: http://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in...
Vt-Forum Lite 1.3 vf_info.asp StrMes Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in...
CVE-2006-6532
Multiple cross-site scripting XSS vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 StrMsg or 2 TopicID parameter to a vfinfo.asp, b vfnewtopic.asp, c vfsettings.asp, and d vfreplytopic.asp, different vectors than CVE-2006-644...
CVE-2006-6532
CVE-2006-6532 is an XSS issue affecting Vt-Forum Lite 1.3 and earlier. Connected docs confirm exploitable via (1) StrMsg/Topic_ID parameters to vf_info.asp, vf_newtopic.asp, vf_settings.asp, and vf_replytopic.asp (and references to CVE-2006-6447). Root cause is insufficient input sanitization lea...
CVE-2006-6532
Multiple cross-site scripting XSS vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 StrMsg or 2 TopicID parameter to a vfinfo.asp, b vfnewtopic.asp, c vfsettings.asp, and d vfreplytopic.asp, different vectors than CVE-2006-644...
CVE-2006-6447
Multiple cross-site scripting XSS vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via 1 the StrMes parameter in vfinfo.asp and possibly 2 a URL in the SRC attribute of an IFRAME element that is submitted to vfnewtopic.asp...
CVE-2006-6449
Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from thir...
CVE-2006-6448
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vfmemberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6447
Vuln: CVE-2006-6447 affects Vt-Forum Lite 1.3 and 1.5. Affected component: vf_info.asp (StrMes parameter) and possibly a URL in the SRC attribute of an IFRAME submitted to vf_newtopic.asp, enabling remote XSS through input vectors described in the description. Impact and specifics are limited to ...
CVE-2006-6448
Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vfmemberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from...
CVE-2006-6447
Multiple cross-site scripting XSS vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via 1 the StrMes parameter in vfinfo.asp and possibly 2 a URL in the SRC attribute of an IFRAME element that is submitted to vfnewtopic.asp...
CVE-2006-6449
Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from thir...
CVE-2006-6448
Vulnerability: CVE-2006-6448 affects Vt-Forum Lite 1.3 and earlier. Description: Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp and other vectors. Root cause: unsafely constructed SQL queries in the aff...
CVE-2006-6449
Vulnerability CVE-2006-6449 affects Vt-Forum Lite 1.3 and earlier. The issue is that sensitive information (a database) is stored under the web root with insufficient access control, enabling remote attackers to download db/forum.mdb via a direct request. This describes a partial confidentiality ...
Vt-Forum Lite 1.3 - vf_newtopic.asp IFRAME Element Cross-Site Scripting
Vt-Forum Lite 1.3 - vfnewtopic.asp IFRAME Element Cross-Site Scripting source: https://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Vt-Forum Lite 1.3 - vf_info.asp?StrMes Cross-Site Scripting
Vt-Forum Lite 1.3 - vfinfo.asp?StrMes Cross-Site Scripting source: https://www.securityfocus.com/bid/21428/info Vt-Forum Lite is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrar...